Director of Application and DevSecOps Security

🕒 il y a 20 jours

🤠 Texas – Distant

🤠 Texas – Remote

💵 $150 200 - $214 500 / an

⏰ Temps Plein

🔴 Expert

⛑ Ingénieur DevOps & SRE

🦅 Parrain de Visa H1B

Cette entreprise a parrainé des visas H1B par le passé.

Postuler Maintenant

Trouver des Emplois à Distance Similaires

Recevoir des emails pour des emplois à distance

📊 Vérifiez votre score de CV pour ce poste

Améliorez vos chances d'obtenir un entretien en vérifiant votre score de CV avant de postuler.

Télécharger le CV

Gainwell Technologies

Site WebLinkedInTous les Emplois

10 000+ employés

⚕️ Assurance santé

💰 Grant en 2023-06

Healthcare Insurance • Human Services • Healthcare

Gainwell Technologies est le principal fournisseur national de solutions numériques et en mode cloud dans l'écosystème des services sociaux et de la santé publique. Avec une approche axée sur les missions, Gainwell sert des clients dans les 50 états américains, en se concentrant sur l'amélioration des résultats de santé et la fourniture d'expériences intuitives centrées sur l'humain. Leur gamme complète de solutions comprend la modernisation de l'entreprise Medicaid, l'analyse de données, les services aux prestataires et les solutions pharmaceutiques, toutes conçues pour faire progresser l'avenir des soins de santé et améliorer le bien-être communautaire.

Description

• Define and lead the enterprise Application Security and DevSecOps strategy aligned to business objectives • Build and mature a shift-left security program integrated into CI/CD pipelines • Establish and implement roadmap for API security, including governance, discovery, and runtime protection • Balance governance with enablement by establishing guardrails, reusable patterns, and self‑service security tooling that empower engineering teams • Lead, mentor, and grow a high-performing security engineering team • Oversee secure coding practices, SAST/DAST/SCA tooling, and vulnerability management processes • Define API security standards including authentication, authorization, rate limiting, and data protection • Drive threat modeling practices across critical applications and services • Partner with engineering and development teams to remediate risks and improve secure design patterns • Embed automated security controls into CI/CD pipelines • Champion developer-first security tooling and workflows • Partner with DevOps teams to ensure secure infrastructure-as-code (IaC) practices • Measure and improve security posture through pipeline metrics and KPIs • Define and maintain secure SDLC policies, standards, and control frameworks • Establish secure design and architecture requirements for new systems • Ensure alignment with regulatory and compliance requirements (e.g., SOC 2, ISO 27001, NIST) • Lead security reviews and design approvals for critical initiatives • Design and implement role-based and just-in-time developer security training programs • Build secure coding guidelines and internal knowledge resources • Drive security awareness and culture across engineering teams • Partner with leadership to ensure adoption and accountability • Define KPIs and KRIs for application and DevSecOps security maturity • Report on risk posture, vulnerabilities, and program effectiveness to executive leadership • Continuously assess and improve tooling, processes, and coverage

🎯 Exigences

• 10+ years of experience in cybersecurity with a strong focus on application security and DevSecOps • 5+ years in a leadership or director-level role managing teams • Deep expertise in secure SDLC, application security testing (SAST, DAST, SCA), and API security • Experience integrating security into CI/CD pipelines and cloud-native environments (AWS, Azure, or GCP) • Experience with container security, Kubernetes security, serverless security concepts and delivery • Strong knowledge of modern architectures (microservices, containers, Kubernetes) • Proven experience building security programs and influencing engineering culture

🏖️ Avantages

• Generous, flexible vacation policy • Educational assistance • Comprehensive health benefits • 401(k) employer match • Leadership and technical development academies